Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-14738

Implement Application Credential Support in openstack-operator

XMLWordPrintable

    • Application Credential Support in openstack-operator
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • Proposed
    • Proposed
    • To Do
    • RHOSSTRAT-121 - Zero downtime password rotation
    • Proposed
    • rhos-ops-platform-services-security
    • Proposed
    • 67% To Do, 0% In Progress, 33% Done

      Goal:

      Enhance the openstack-operator to include a global applicationCredentials parameter in the OpenStackControlPlane CR for enabling AC usage across services, merging global defaults with per-service overrides, and automatically creating the ApplicationCredential CR in the keystone-operator.

      Acceptance Criteria:

      • A new top-level struct in the OpenStackControlPlane CR, e.g.:
      spec:
  applicationCredentials:
    enabled: true/false
    defaultExpirationDays: 90
    gracePeriodDays: 30
      • Optional overrides per service (e.g., barbican, cinder...) that can customize expirationDays or gracePeriodDays.
      • When applicationCredentials.enabled = true the openstack-operator creates (or updates) one ApplicationCredential CR per enabled service
      • Functional and kuttl tests validating toggling false > true results in creating AC, and that the per-service overrides are honored

      Open questions/notes:

      • Support for true --> false

              rh-ee-vfisarov Veronika Fisarova
              rh-ee-vfisarov Veronika Fisarova
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: